General
- Target: ecb01d7f140ad632a0d1dbc641d961c1fb83520b5c8d4010038c084757825387
- Size: 217KB
- Sample: 240212-w8r4msba2v
- MD5: d722704eff46ac5ca68723e9d35e9c81
- SHA1: c08f9166337b98a774fd43b771c652bead0b57af
- SHA256: ecb01d7f140ad632a0d1dbc641d961c1fb83520b5c8d4010038c084757825387
- SHA512: 80f2c9d8e5f630e1b2b511a7460a31c4b98ff8e628fecba33546205a00c11b5638a484c559b7c466cb7d2f2bc9f92b791fa7ab4e7d15cc55c4a0ff65de7a0e9b
- SSDEEP: 6144:DHfZ8S+RSDnm9WwgFyzE9P08R5HYjWjm:TfZ8S+ILm9PgFyzO08R5f
Static task: static1
Behavioral task: behavioral1
- Sample: ecb01d7f140ad632a0d1dbc641d961c1fb83520b5c8d4010038c084757825387.exe
- Resource: win7-20231215-en
Malware Config
Extracted: smokeloader
- pub1
Extracted: smokeloader
- 2022
- http://sjyey.com/tmp/index.php
- http://babonwo.ru/tmp/index.php
- http://mth.com.ua/tmp/index.php
- http://piratia.pw/tmp/index.php
- http://go-piratia.ru/tmp/index.php
Extracted: amadey
- 4.14
- http://anfesq.com
- http://cbinr.com
- http://rimakc.ru
- install_dir: 68fd3d7ade
- install_file: Utsysc.exe
- strings_key: 27ec7fd6f50f63b8af0c1d3deefcc8fe
- url_paths: /forum/index.php
Targets
- Downloads MZ/PE file
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL